search

awslabs / dynamodb-continuous-backup

Continuous backup automation for Amazon DynamoDB
Apache License 2.0
185 stars 27 forks source link

AccessDeniedException when calling the CreateFunction : denied by S3 #7

Closed BMR59920 closed 8 years ago

BMR59920 commented 8 years ago

CloudWatch reports the following after deploy and table create. This is in the us-west-2 region. I think this is for the source bucket that houses LambdaStreamToFirehose-1.3.5.zip

An error occurred (AccessDeniedException) when calling the CreateFunction operation: Your access has been denied by S3, please make sure your request credentials have permission to GetObject for aws-lambda-streams-to-firehose-us-west-2/LambdaStreamToFirehose-1.3.5.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied: ClientError Traceback (most recent call last): File "/var/task/index.py", line 28, in event_handler backup.configure_table(dynamo_table_name) File "/var/task/dynamo_continuous_backup.py", line 320, in configure_table ensure_update_stream_event_source(dynamo_stream_arn) File "/var/task/dynamo_continuous_backup.py", line 197, in ensure_update_stream_event_source function_arn = ensure_lambda_streams_to_firehose() File "/var/task/dynamo_continuous_backup.py", line 253, in ensure_lambda_streams_to_firehose Publish=True File "/var/runtime/botocore/client.py", line 159, in _api_call return self._make_api_call(operation_name, kwargs) File "/var/runtime/botocore/client.py", line 494, in _make_api_call raise ClientError(parsed_response, operation_name) ClientError: An error occurred (AccessDeniedException) when calling the CreateFunction operation: Your access has been denied by S3, please make sure your request credentials have permission to GetObject for aws-lambda-streams-to-firehose-us-west-2/LambdaStreamToFirehose-1.3.5.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied

IanMeyers commented 8 years ago

Have updated the suggested IAM role with the additional required permissions (sorry about that!)

        "s3:Get*",
        "s3:List*"
BMR59920 commented 8 years ago

The additional IAM role permissions for the lambda exec role addresses this issue. Thank you!

yajat-payglocal commented 2 years ago

I have given S3 Full access in lambda execution role but still getting the same error. Weird part is, I am getting this in UAT not in develop.